Many organizations, e.g., IT organizations, are managing vast amounts of resources and data. Those resources are being managed by different personas with different functions within the organization. This situation results in the need to restrict access to this data according to the persona's function within the organization, and therefore the ability to control, manage and authorize the access to those resources. Managing such an authorization model can be very complex and difficult due to the large amount of resources and functions.